28 matches found
CVE-2026-8696
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability ...
@alivault/pico (>=0.1.0 <=0.1.2), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +120 more potentially affected by unknown CVE via @tanstack/start-client-core (>=1.121.0-alpha.28 <=1.168.2)
@tanstack/start-client-core NPM version =1.121.0-alpha.28, =0.1.0, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =1.0.0, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =0.1.38 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3487...
Malicious code in @tanstack/start-client-core (npm)
Source: ghsa-malware 5561f0a3c6cc70a2aee56f25476fadbba6cc833f55c0dde246737b99f38c9e8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3487 Malicious code in @tanstack/start-client-core (npm)
Source: ghsa-malware 5561f0a3c6cc70a2aee56f25476fadbba6cc833f55c0dde246737b99f38c9e8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@alivault/pico (>=0.1.0 <=0.1.2), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +120 more potentially affected by CVE-2026-45321 via @tanstack/start-client-core (>=1.121.0-alpha.28 <=1.168.2)
@tanstack/start-client-core NPM version =1.121.0-alpha.28, =0.1.0, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =1.0.0, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =0.1.38 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSTARTCLIENTCORE-16640238...
at.ganzleicht.vaadin:vaadin-server (>=9.1.1 <=9.1.3), br.com.thiagomoreira.liferay.plugins.fix-virtual-host-app:fix-virtual-host-hook (>=2.0.0 <=5.1.0) +663 more potentially affected by CVE-2025-43740 via com.liferay.portal:com.liferay.portal.kernel (>=100.0.0 <=9.4.0)
com.liferay.portal:com.liferay.portal.kernel MAVEN version =100.0.0, =9.1.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.0.2.RELEASE, =0.0.2.RELEASE, =0.0.2.RELEASE, =0.0.2.RELEASE, =0.0.2.RELEASE, =1.0.0.RELEASE - com.gitee.pif...
Malicious code in traceviz-client-core (npm)
Source: ghsa-malware f13f02647de53cecc725fc4d06dbe6ba022bfcee2f3ee730df96d83db43e18f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1946 Malicious code in traceviz-client-core (npm)
Source: ghsa-malware f13f02647de53cecc725fc4d06dbe6ba022bfcee2f3ee730df96d83db43e18f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +2453 more potentially affected by CVE-2024-49580 via io.ktor:ktor-client-core-jvm (>=1.0.0-rc <=2.3.12)
io.ktor:ktor-client-core-jvm MAVEN version =1.0.0-rc, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.0, =0.1.0, =0.1.3 - ai.systema:systema-sdk-android-debug =0.1.0-alpha and more Source cves: CVE-2024-49580 Source advisory: OSV:GHSA-8QV4-773J-C979...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +80 more potentially affected by CVE-2024-41990 via django (>=4.2.0 <=4.2.14)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41990 Source advisory: OSV:PYSEC-2024-68...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +80 more potentially affected by CVE-2024-38875 via django (>=4.2.0 <=4.2.13)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-38875 Source advisory: OSV:PYSEC-2024-56...
org.eclipse.leshan:leshan-bsserver-demo (>=2.0.0-M1 <=2.0.0-M12), org.eclipse.leshan:leshan-client-cf (>=2.0.0-M1 <=2.0.0-M12) +9 more potentially affected by CVE-2023-41034 via org.eclipse.leshan:leshan-core (>=2.0.0-M1 <=2.0.0-M12)
org.eclipse.leshan:leshan-core MAVEN version =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M10, =2.0.0-M1, =2.0.0-M1, =2.0.0-M10, =2.0.0-M1, =2.0.0-M1, =2.0.0-M12 Source cves: CVE-2023-41034 Source advisory: OSV:GHSA-WC9J-GC65-3CM7...
bfactory (>=0.4.0 <=0.4.4), coop (>=5.2.0 <=5.2.2) +38 more potentially affected by CVE-2023-31047 via django (>=4.2.0 <=4.2.0rc1)
django PYPI version =4.2.0, =0.4.0, =5.2.0, =3.1.0, =7.2.2, =39.1.0, =9.3.0, =0.1.0a1, =1.0.0, =0.2.1, =0.2.2 - django-handy-admin =0.0.0 and more Source cves: CVE-2023-31047 Source advisory: OSV:GHSA-R3XC-PRGR-MG9P...
Malicious code in xfi-client-core (npm)
Source: ghsa-malware 6e64ce97b65c860af48cd5705f1900f14be88ebe32d5d3baa3902772cbb4ea61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7272 Malicious code in xfi-client-core (npm)
Source: ghsa-malware 6e64ce97b65c860af48cd5705f1900f14be88ebe32d5d3baa3902772cbb4ea61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @logistics-frontend/client-core (npm)
Source: ghsa-malware 5ec68c4d34cf87350cff78bf89af4256fe327563a079c07c24cc75114db204ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-391 Malicious code in @logistics-frontend/client-core (npm)
Source: ghsa-malware 5ec68c4d34cf87350cff78bf89af4256fe327563a079c07c24cc75114db204ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
au.com.permeance:liferay-clojure-integration (=0.1), com.liferay.maven.plugins:liferay-maven-plugin (>=6.0.2 <=6.0.6) +6 more potentially affected by CVE-2010-5327 via com.liferay.portal:portal-impl (>=5.2.3 <=6.2.1)
com.liferay.portal:portal-impl MAVEN version =5.2.3, =6.0.2, =6.1.2, =5.2.3, =2.4, =1.0, =2.0, =2.5 Source cves: CVE-2010-5327 Source advisory: OSV:GHSA-97GM-MCV6-CPHM...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23944 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23944 Source advisory: OSV:GHSA-6V39-P2XQ-G5C3...